Hello Oliver and Company, I had successfully enabled the accessControl. My issue now is that I am using another superuser I created (I called it admin2) to modify my users. Now, I am no longer to modify my users because he does not have access.
I read about Prescriptive ACIs, but the lack of examples left me kind of stumped. How can I grant all access to admin2 only, or something with the dn=uid=admin,ou=system? Thanks, Kevin On Wed, Nov 2, 2011 at 2:04 PM, Oliver Schmidt <[email protected]> wrote: > On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton <[email protected]> > wrote: > >> Hello everyone, >> >> My name is Kevin and I am writing to ask a question about access to >> ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the >> apacheds is used to authenticate the users on my website. My question >> is about accessing the apacheds. On my Apache Directory Studio, I can >> login as admin and see everything. The problem is that I can also log >> in as any other user in the database and I can see other user's >> information. Not sure if I am being clear. >> >> If someone has their own username and password and also the port and >> address of my server, they can login (using Apache Directory Studio or >> any other client) and see all of the records. Obviously the passwords >> are hashed, but it is still a liability for the users to be able to >> see e-mails/etc of other users. >> >> Is there any way to limit the information that certain users can see >> (ie, they could login, but not see any records)? >> >> Please let me know soon. >> >> Thanks, >> Kevin > > > Hi Kevin, > > I'm moving this topic to the users list... > > There's a chapter about this topic in the doco. Please see the User Guides > on the topic "authorization". > > Depending on what you intend to allow/disallow your users to see in your > directory, you might also need to write some ACIs. If you want, I can assist > you setting this up. > > Please note that ehe documentation still mentions the server.xml file. This > file is however obsolete in version 2.0. Instead, config is done directly in > the server. You can alter the configuration using ehe Directory Studio. Just > look under the ou=config node. > > Kind regards > Oliver > -- Thanks, Kevin
